13 March 2019, 18:58 | #1 |
Registered User
Join Date: Aug 2004
Location:
Posts: 3,349
|
Ghidra disassembler / decompiler supports 68000
Has anyone else checked out the recently-released Ghidra tool? It's an interactive disassembler/decompiler which was developed by the NSA. Kind of similar in functionality to IDA Pro + Hex-Rays decompiler, except it's free and open source, written in Java.
It supports several CPU architectures including 68000. The decompiler works too! This could make reverse-engineering and understanding 68000 code a lot easier. Maybe it could help with porting 68000 code to C too (e.g. crunchers/decrunchers). It doesn't support the Amiga load file format but does support ELF. But assuming it's possible to convert Amiga load files to ELF that's not a huge problem. Here's a screenshot I took after loading a Kickstart ROM image into it: hXXps://www.media!fire.com/view/eldsf8c599m1t9p/Pic.png/file [EAB doesn't allow direct links; change hXXtps to https, remove !] That was done with basically no manual analysis on my part. Note the decompiled version on the right side. It would be great if people who know Java and the Amiga could contribute stuff like Amiga load file support, register names etc. And maybe definitions from the include files which are built into ReSource. There's a GitHub repository where eventually pull requests could be made? |
13 March 2019, 20:40 | #2 |
Amigan
Join Date: Feb 2012
Location: London
Posts: 1,316
|
I saw this in the usual places but I didn't imagine it supports 68k. The reversed C looks interesting.
No source on github yet. Are the NSA hacking us |
13 March 2019, 22:11 | #3 |
Ex nihilo nihil
Join Date: Oct 2017
Location: CH
Posts: 4,997
|
Looks interesting, but.... ~280MB archive for a disassembler / decompiler (1GB HD space after install). Ouch !
|
13 March 2019, 22:51 | #4 |
Registered User
Join Date: Aug 2004
Location:
Posts: 3,349
|
Not to mention the Java runtime if you don't already have it. But it's not like you'll be installing it on your old Amiga HD...
After unpacking you could browse through the directory tree and delete all the source code archives (filenames ending in -src.zip) which should free up a little space. Last edited by mark_k; 14 March 2019 at 21:05. |
13 March 2019, 22:56 | #5 |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,669
|
It's written in Java and also presumably full of NSA spyware, those two things probably explain the bloat.
|
14 March 2019, 08:44 | #6 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
|
|
14 March 2019, 08:50 | #7 |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,669
|
And who has audited every line of this huge amount of code? Eg. an accidental flaw like Heartbleed in a small widely used piece of code can go unnoticed for years. Let alone if someone actually wanted to obfuscate and hide something in a much larger piece of code. Also there is the possibility of compromises further up the tool chain.
|
14 March 2019, 09:14 | #8 |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
|
|
14 March 2019, 10:31 | #9 |
Coder/webmaster/gamer
Join Date: Oct 2001
Location: Canberra/Australia
Posts: 2,669
|
So you missed the whole Snowden thing? https://www.dailydot.com/layer8/nsa-...rview-blarney/ But that's all just a figment of my (and the rest of the world's) imagination I suppose?
Last edited by Minuous; 14 March 2019 at 10:42. |
14 March 2019, 11:07 | #10 |
Registered User
Join Date: May 2017
Location: Munich/Bavaria
Posts: 2,425
|
As much as I am aware of the use of spyware by these organizations: It would make no sense in this case, so it is highly unlikely:
It is the NSA - so everybody expects something fishy and every hacker or foreign service would be glad to find some evidence (spyware, backchannel) in the code. So it will be looked at very closely. The NSA has plenty of other and better tools to spy on people. Spying is not the primary goal of this release - at least only in a very indirect way: the NSA is hoping for some input from the open source community, to a) make their own software better and b) identify coders that are good at dissembling binaries for later recruitment. Last edited by Gorf; 14 March 2019 at 12:50. |
14 March 2019, 12:44 | #11 |
Registered User
Join Date: May 2004
Location: Somewhere secret
Age: 50
Posts: 366
|
I somehow doubt the NSA are going to backdoor a tool that is going to be used by a large number of the world's best reverse engineers... that would seem like a certain path to an epic fail.
On topic - it's a pretty impressive tool honestly, even if I'm more used to IDA. My only complaint is the analysis time, it's about 10* slower than IDA on a decent sized PE file for example. But it does indeed support 68000 (and good ARM support also), which a free IDA does not, so I guess it wins by default? |
14 March 2019, 13:19 | #12 |
Registered User
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 41
Posts: 3,773
|
That C "code" is pretty ugly to say the least. Why would you want to convert asm to C anyway? Sounds like a huge amount of work, and the end result being that the code runs slower.
|
14 March 2019, 13:26 | #13 | |
Registered User
Join Date: May 2017
Location: Munich/Bavaria
Posts: 2,425
|
Quote:
If you are a master in 68k-asm you probably don't need it, but such a tool, can give you more insight of the code structure |
|
14 March 2019, 13:32 | #14 |
Registered User
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 41
Posts: 3,773
|
Doesn't look like it gives a lot of insight to me. I'd rather read the asm (and I'm far from a master in 68k).
Maybe it could be useful if the C "decompiler" was improved. |
14 March 2019, 13:50 | #15 |
Registered User
Join Date: Nov 2014
Location: NSW/Australia
Posts: 462
|
I think the point is to convert back to a common "standard" so that it's easier to run malware analysis and heuristic scans on the decompiled code.
For example - malware that targets a particular library vulnerability - that happens to be compiled for arm/x86/68k/power which was originally written in a high level language... |
14 March 2019, 14:03 | #16 | |
son of 68k
Join Date: Nov 2007
Location: Lyon / France
Age: 51
Posts: 5,355
|
Quote:
It might be a great tool if it were able to produce C that actually compiles and works. But i doubt anything can do this (my attempts at hex-rays failed). |
|
14 March 2019, 14:44 | #17 | |
move.l #$c0ff33,throat
Join Date: Dec 2005
Location: Berlin/Joymoney
Posts: 6,863
|
Quote:
Sure, it really has a lot to do with the tool being discussed here. But yes, it is probably full of spyware and completely unusable as it was made by the NSA. Feeling better now? |
|
14 March 2019, 16:48 | #18 | |
Registered User
Join Date: Aug 2004
Location:
Posts: 3,349
|
Quote:
For hardware-hitting Amiga code, it would be fairly easy to teach Ghidra about the custom chip and CIA registers so accesses to them could automatically show register names. It also seems possible to teach it about compiler library functions so they would be recognised automatically. Kind of similar to the way ReSource's CFuncs.rcl can recognise some Aztec C library functions. No more wasting time disassembling a function only to discover it's printf(). |
|
14 March 2019, 18:02 | #19 |
Registered User
Join Date: Aug 2004
Location:
Posts: 3,349
|
How to convert Amiga hunk executables to ELF? I tried using vlink latest release binary, vlink_AmigaM68k.lha) and it gives an internal error (must be a vlink bug?) when I tried to convert C:List. That executable just contains a single code hunk, nothing fancy.
Code:
> vlink -b elf32m68k List Warning 12: "List" is already an executable file. INTERNAL ERROR: elf32_makeshdrs(): PHDR " dummy" offs 84 != 52 . Aborting. |
18 March 2019, 23:31 | #20 | ||||
Registered User
Join Date: Mar 2018
Location: Hastings, New Zealand
Posts: 2,710
|
Quote:
Quote:
Quote:
Quote:
|
||||
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Disassembler | copse | Coders. General | 86 | 01 January 2023 20:34 |
Peasauce disassembler | copse | Coders. General | 1 | 31 January 2021 20:54 |
IDA Disassembler | BippyM | Coders. General | 36 | 03 October 2018 10:51 |
resource disassembler | dalton | request.Apps | 5 | 05 July 2006 21:26 |
ReSource disassembler | gizmomelb | request.Apps | 5 | 21 January 2006 23:50 |
|
|